如何在MySql中避免撇号(')? [英] How to escape apostrophe (') in MySql?
问题描述
MySQL文档表示应该是 \'
。但是,scite和mysql都显示''
可以正常工作。我看到它,它的作品。我应该怎么做?
The MySQL documentation says that it should be \'
. However, both scite and mysql shows that ''
works. I saw that and it works. What should I do?
推荐答案
你引用的MySQL文档实际上比你提到的更多一点。它也说,
The MySQL documentation you cite actually says a little bit more than you mention. It also says,
在
code>'可以写成
'
。
(另外,您链接到表8.1的MySQL 5.0版本。特殊字符转义序列 ,当前版本为5.6 - 但目前的表8.1。 >特殊字符转换序列 看起来很相似。)
(Also, you linked to the MySQL 5.0 version of Table 8.1. Special Character Escape Sequences, and the current version is 5.6 — but the current Table 8.1. Special Character Escape Sequences looks pretty similar.)
我认为 Postgres注释在 backslash_quote(string)
参数是资料性的:
I think the Postgres note on the backslash_quote (string)
parameter is informative:
这可以控制引号是否可以由
\'
一个字符串文字。代表引号的首选SQL标准方法是将其加倍(''
),但PostgreSQL历来也接受\'
。但是,使用\'
会产生安全风险...
This controls whether a quote mark can be represented by
\'
in a string literal. The preferred, SQL-standard way to represent a quote mark is by doubling it (''
) but PostgreSQL has historically also accepted\'
. However, use of\'
creates security risks...
对我来说,使用双引号字符是比使用反斜杠逃避单引号更好的整体和长期选择。
That says to me that using a doubled single-quote character is a better overall and long-term choice than using a backslash to escape the single-quote.
现在如果你也要添加语言的选择,SQL数据库的选择及其非标准怪癖,以及对方程式的查询框架的选择,那么您可能会选择不同的选择。你不会提供关于你的限制的很多信息。
Now if you also want to add choice of language, choice of SQL database and its non-standard quirks, and choice of query framework to the equation, then you might end up with a different choice. You don't give much information about your constraints.
这篇关于如何在MySql中避免撇号(')?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!